A complex type that describes the default cache behavior if you do not specify a
CacheBehavior element or if files don't match any of the values of
CacheBehavior elements. You must create exactly one
default cache behavior.
A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices:
CloudFront forwards only
CloudFront forwards only
GET, HEAD, OPTIONS, PUT, PATCH, POST, and
If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin.
Type: AllowedMethods object
Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify
true; if not, specify
false. For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide.
The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as
Cache-Control s-maxage, and
Expiresto objects. For more information, see Specifying How Long Objects and Errors Stay in a CloudFront Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.
A complex type that specifies how CloudFront handles query strings and cookies.
Type: ForwardedValues object
A complex type that contains zero or more Lambda function associations for a cache behavior.
Type: LambdaFunctionAssociations object
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Specifying How Long Objects and Errors Stay in a CloudFront Edge Cache (Expiration) in the Amazon Amazon CloudFront Developer Guide.
You must specify
MinTTLif you configure CloudFront to forward all headers to your origin (under
Headers, if you specify
Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify
true; if not, specify
false. If you specify
SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of
The value of
IDfor the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.
If you want to require signed URLs in requests for objects in the target origin that match the
PathPatternfor this cache behavior, specify
Enabled, and specify the applicable values for
Items. For more information, see Serving Private Content through CloudFront in the Amazon Amazon CloudFront Developer Guide.
If you don't want to require signed URLs in requests for objects that match
To add, change, or remove one or more trusted signers, change
true(if it's currently
Quantityas applicable, and specify all of the trusted signers that you want to include in the updated distribution.
Type: TrustedSigners object
The protocol that viewers can use to access the files in the origin specified by
TargetOriginIdwhen a request matches the path pattern in
PathPattern. You can specify the following options:
allow-all: Viewers can use HTTP or HTTPS.
redirect-to-https: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
https-only: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
For more information about requiring the HTTPS protocol, see Using an HTTPS Connection to Access Your Objects in the Amazon CloudFront Developer Guide.
The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see Specifying How Long Objects and Errors Stay in a CloudFront Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.
allow-all | https-only | redirect-to-https